Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/qb08zQLb9Ib-Ae03Q17yZEqR9WI.roa
File:                     qb08zQLb9Ib-Ae03Q17yZEqR9WI.roa (raw, json)
Hash identifier:          /4/k1KwQr1yPXScflyLx7MXxUurfXjwpoVQyIAiyMW4=
Subject key identifier:   A9:BD:3C:CD:02:DB:F4:86:FE:01:ED:37:43:5E:F2:64:4A:91:F5:62
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018E421C75A98691748B100C46A6D82F8134
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/qb08zQLb9Ib-Ae03Q17yZEqR9WI.roa
Signing time:             Fri 15 Mar 2024 12:35:45 +0000
ROA not before:           Fri 15 Mar 2024 12:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61206
IP address blocks:        194.190.74.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:1c:75:a9:86:91:74:8b:10:0c:46:a6:d8:2f:81:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Mar 15 12:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9bd3ccd02dbf486fe01ed37435ef2644a91f562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c3:d2:e3:d5:cf:05:96:40:47:05:27:ed:8a:
                    75:64:6c:8b:b2:43:4e:4b:75:0c:f1:0f:c6:84:70:
                    65:a4:82:fd:ce:eb:85:88:ea:bf:d2:ae:be:d8:bb:
                    5e:ca:48:ba:6f:a1:b9:ad:25:38:fe:54:60:05:a4:
                    09:77:56:26:ae:18:66:cf:03:50:e8:cf:e5:df:f7:
                    1c:a0:66:5d:f8:8f:ed:ac:28:ff:ba:ee:dc:b7:9e:
                    08:58:b9:ff:f3:1a:c8:72:66:05:33:69:3b:40:d8:
                    98:b3:cc:c1:97:2b:8b:0c:a0:5e:9c:1b:9f:3e:6e:
                    f3:82:ed:16:46:fb:25:07:a1:5f:c7:0d:c5:c2:64:
                    ab:4a:89:20:08:cc:9c:9c:51:43:cb:33:e1:dd:e6:
                    c4:cc:bf:af:a1:2b:10:a4:52:85:d6:64:0b:2f:7f:
                    87:2f:95:f9:79:fc:4b:af:28:73:b7:a3:88:0f:89:
                    2c:2b:95:41:16:68:65:98:6f:1d:69:06:3a:bf:03:
                    ba:c7:b5:6c:28:61:b7:21:e0:40:ab:ab:ed:2d:85:
                    bc:2d:46:ad:de:6a:c5:aa:5d:c4:f4:5d:9b:1e:4b:
                    ec:49:7a:96:cd:67:12:6d:0f:c8:d0:cc:a3:dc:ed:
                    d2:55:e3:61:ef:8c:2a:e0:5d:e1:d0:bc:9c:d7:ff:
                    c3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BD:3C:CD:02:DB:F4:86:FE:01:ED:37:43:5E:F2:64:4A:91:F5:62
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/qb08zQLb9Ib-Ae03Q17yZEqR9WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:a2:d9:2c:58:7d:ea:59:e1:1e:a3:9f:a9:8a:0d:03:a5:e4:
         9c:55:a3:5f:fe:7c:23:ad:b0:ba:7c:ba:91:96:d1:f3:b6:97:
         36:8b:d9:ad:72:25:4c:45:6b:c0:53:0e:b0:8d:5a:a6:b6:63:
         46:9b:fe:53:5d:5c:02:2f:05:b4:4e:bc:c6:f1:2a:4a:c6:d5:
         07:ba:3a:82:2d:83:43:2e:e4:9a:ae:1e:b9:86:c0:af:cf:dc:
         81:8e:87:93:01:54:d3:cc:49:df:5d:a2:48:c2:b3:92:90:61:
         1c:00:41:66:96:b4:60:b2:96:3b:22:1e:24:9c:0c:a3:f6:ec:
         c4:f4:f0:9f:cb:79:bc:39:4f:41:97:62:1c:92:d7:15:33:3d:
         22:b0:59:fc:d7:0b:94:b2:45:25:9a:50:6f:b4:2f:8b:23:ff:
         c4:a2:58:c7:12:67:00:d8:da:08:57:9e:66:3f:52:70:a5:d8:
         dc:8d:38:31:c2:49:3b:47:65:2e:18:91:b0:f2:46:1c:85:9d:
         b0:36:dc:4a:88:c6:27:b3:6d:2b:83:2f:8b:c6:5d:25:03:61:
         94:24:ad:d6:b1:60:22:1e:30:55:be:be:08:31:5f:5b:f8:74:
         4c:63:33:7d:c6:6f:1a:bf:b2:e4:b1:30:a4:8c:38:25:38:c3:
         ea:7c:5f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5CHHWphpF0ixAMRqbYL4E0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMzE1MTIzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJkM2NjZDAyZGJmNDg2ZmUwMWVkMzc0MzVlZjI2NDRhOTFmNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsPS49XPBZZARwUn7Yp1ZGyLskNO
S3UM8Q/GhHBlpIL9zuuFiOq/0q6+2Lteyki6b6G5rSU4/lRgBaQJd1YmrhhmzwNQ
6M/l3/ccoGZd+I/trCj/uu7ct54IWLn/8xrIcmYFM2k7QNiYs8zBlyuLDKBenBuf
Pm7zgu0WRvslB6Ffxw3FwmSrSokgCMycnFFDyzPh3ebEzL+voSsQpFKF1mQLL3+H
L5X5efxLryhzt6OID4ksK5VBFmhlmG8daQY6vwO6x7VsKGG3IeBAq6vtLYW8LUat
3mrFql3E9F2bHkvsSXqWzWcSbQ/I0Myj3O3SVeNh74wq4F3h0Lyc1//D5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm9PM0C2/SG/gHtN0Ne8mRKkfViMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcWIwOHpRTGI5SWItQWUwM1ExN3laRXFSOVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwr5KMA0G
CSqGSIb3DQEBCwUAA4IBAQC2otksWH3qWeEeo5+pig0DpeScVaNf/nwjrbC6fLqR
ltHztpc2i9mtciVMRWvAUw6wjVqmtmNGm/5TXVwCLwW0TrzG8SpKxtUHujqCLYND
LuSarh65hsCvz9yBjoeTAVTTzEnfXaJIwrOSkGEcAEFmlrRgspY7Ih4knAyj9uzE
9PCfy3m8OU9Bl2IcktcVMz0isFn81wuUskUlmlBvtC+LI//EoljHEmcA2NoIV55m
P1JwpdjcjTgxwkk7R2UuGJGw8kYchZ2wNtxKiMYns20rgy+Lxl0lA2GUJK3WsWAi
HjBVvr4IMV9b+HRMYzN9xm8av7LksTCkjDglOMPqfF/s
-----END CERTIFICATE-----